Message-ID: <1461441264.6149.45.camel@pentium.freedom.box>
From: Rob van der Hoeven <robvanderhoeven@ziggo.nl>
To: tor-talk@lists.torproject.org
Date: Sat, 23 Apr 2016 21:54:24 +0200
In-Reply-To: <571BC6FE.5080205@gmx.com>
References: <1461417342.6149.17.camel@pentium.freedom.box>
 <571BC6FE.5080205@gmx.com>
Subject: Re: [tor-talk] 12.7 percent of the domains I visit are intercepted
 by CloudFlare

On Sat, 2016-04-23 at 14:03 -0500, Joe Btfsplk wrote:
> On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:
> > Hi,
> >
> > Today I got an idea of how to measure "The CloudFlare problem". It turns
> > out that every time you visit a website that's behind CloudFlare a
> > cookie is set with the name __cfduid
> >
> > If you use Firefox these cookies end up in a SQLite database which can
> > be queried with the SQLite Manager add-on. My total number of cookies is
> > 2523 (I disable third-party cookies by default). CloudFlare cookies:
> > 321. So 321/2523 *100 = 12.7% of the domains I have visited are
> > monitored by CloudFlare. Quite shocking I think.
> >
> > Rob.
> > https://hoevenstein.nl
> >   
> Are you saying using TBB, cloudflare sets cookies withOUT either
> checking "accept cookies from sites;"
> or entering an exception for their domain in TBB's cookie exceptions;
> or when in Options > Privacy - "Accept 3rd party cookies" = Never?
> 

I am not using TBB. Sorry I was not clear about this. I use the normal
Firefox, enhanced with NoScript, Adblock Plus etc. I changed the privacy
settings so that "Accept cookies from sites" is allowed, but "Accept
third-party cookies" is set to "Never".

Now the interesting (nasty) properties of CloudFlare cookies are:

1) They are not coming from the CloudFlare domain, but from the domain
you are visiting. If you surf to abcdef.com and that site uses
CloudFlare then the CloudFlare cookie is set for the abcdef.com domain.
CloudFlare clearly is a third party, but their cookies cannot be
disabled by refusing third-party cookies.

2) Many of *my* CloudFlare cookies have an expiration date of 23 Dec
2019. These are clearly meant to be tracking cookies.

Rob.
https://hoevenstein.nl


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
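
The measurement described in this thread, as an added example that is not part of the original messages: it counts `__cfduid` cookies in a Firefox-style `moz_cookies` table, reports their share per cookie (the 321/2523 style of figure) and, going one step further, per distinct host, and lists hosts whose `__cfduid` cookie expires more than a year out. The table here is a constructed in-memory stand-in with only the `host`, `name` and `expiry` columns; the sample rows, the one-year threshold and the function names are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample rows (host, name, expiry in Unix seconds); not real browsing data.
SAMPLE = [
    ("abcdef.com", "__cfduid", 1577059200),      # expires 2019-12-23
    ("abcdef.com", "session", 1461500000),
    (".example.org", "__cfduid", 1577059200),    # expires 2019-12-23
    (".example.org", "prefs", 1493000000),
    ("news.example.net", "sid", 1461600000),
    ("shop.example.net", "cart", 1462000000),
    ("blog.example.com", "__cfduid", 1461700000),  # short-lived
    ("blog.example.com", "theme", 1470000000),
]

def open_sample_db():
    """In-memory stand-in for cookies.sqlite, with only the columns used below."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, expiry INTEGER)")
    db.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?)", SAMPLE)
    return db

def cloudflare_share(db, now, long_lived_days=365):
    """Return the __cfduid share per cookie and per host, plus long-lived hosts."""
    total, cf = db.execute(
        "SELECT COUNT(*), SUM(name = '__cfduid') FROM moz_cookies").fetchone()
    # Cookies are stored under the visited site's own host (sometimes with a
    # leading dot), so strip the dot before counting distinct hosts.
    hosts, cf_hosts = db.execute(
        "SELECT COUNT(DISTINCT ltrim(host, '.')),"
        " COUNT(DISTINCT CASE WHEN name = '__cfduid' THEN ltrim(host, '.') END)"
        " FROM moz_cookies").fetchone()
    cutoff = int(now.timestamp()) + long_lived_days * 86400
    long_lived = [h for (h,) in db.execute(
        "SELECT DISTINCT ltrim(host, '.') FROM moz_cookies"
        " WHERE name = '__cfduid' AND expiry > ? ORDER BY 1", (cutoff,))]
    return {
        "cookie_pct": round(100.0 * cf / total, 1),
        "host_pct": round(100.0 * cf_hosts / hosts, 1),
        "long_lived_hosts": long_lived,
    }

if __name__ == "__main__":
    now = datetime(2016, 4, 23, tzinfo=timezone.utc)  # date of the post
    print(cloudflare_share(open_sample_db(), now))
```

To run it on real data, pass a connection to a copy of the profile's `cookies.sqlite` instead of `open_sample_db()`; the unit of the `expiry` column is assumed to be seconds.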

